Draft -09 is now posted. Main changes include: o Fixed typos, editorial changes. Thanks to Dick for his useful feedback. o Added token expiration example. o Added scope parameter to end-user authorization endpoint response and WWW-Authenticate header. o Added note about parameters with empty values (same as omitted). o Changed parameter values to use '-' instead of '_'. Parameter names still use '_'. o Changed authorization endpoint client type to response type with values: code, token, or both. o Complete cleanup of error codes. Added support for error description and URI. o Add initial extensibility support.
Draft -09 represents what I consider to be the first feature complete proposal. While it still needs much work, it has notes for open issues and missing parts. I plan to give people 2 weeks to review and provide extensive feedback, and will post one more draft before the 7/12 cutoff date for the meeting. My goal is to collect enough feedback to declare the next draft (-10) stable for wider implementation. If you were waiting for a stable draft to study and provide extensive feedback, this is the draft! When giving feedback pretend this is your last chance to making a significant contribution or changes to the core specification. Please submit feedback by 7/9. When submitting feedback please start a new thread for each item. Editorial commentary can be collected in one post (and please send to the list, even if it is minor, because I tend to get the same typo correction many times). Thanks, EHL
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
